Sunday

25th Aug 2019

Restaurants and hotels worried by EU data bill

  • Small business such as hotels oppose the European Parliament's draft data bill (Photo: Biblioteca de Arte / Art Library Fundação Calouste Gulbenkian)

Small businesses such as bed and breakfasts or cafes will have to hire a data protection officer (DPO) under new rules currently being fine-tuned by the European Parliament.

The parliament says any business that has 500 or more clients a year will require a data protection office to make sure data is secured and laws are being followed.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 18 year's of archives. 30 days free trial.

... or join as a group

But small and medium-sized businesses (SMEs) say this is an unwelcome additional expense in an economy where many are struggling.

The European Commission in its impact assessment report estimates that an SME would have to pay around €1,000 extra each year to have someone ensure protocol is met.

The commission had proposed exempting businesses with fewer than 250 employees from having to hire a DPO, but parliament scrapped the exemption and introduced the 500 clients threshold.

“The commission made an exception for SMEs and they had a reason for that,” said Marta Machado, a policy advisor at the Brussels-based Hortrec, an umbrella organisation for hotels, restaurants, and cafes in Europe.

An average SME in Europe has less than 16 employees. Many others have only one person.

German Green Jan Philipp Albrecht, the lead negotiator on the file at the European Parliament, amended the commission’s draft to include any business with at least 500 or more clients or "data subjects."

A data subject is anyone who has their data processed. Reservation dates, names, addresses and credit card details are among the data a hotel uses to process information on its clients.

Keeping those details in check and making sure they are properly secured is among the tasks of a DPO.

But Dora Szentpaly-Kleis, a legal advisor at the Brussels-based European Association of craft, small and medium-sized enterprises (Ueampe), told this website: “Our problem is not that he [Albrecht] changed the approach because it might make sense to link the number to the data subject but we have the impression that the 500 is a very low number.”

“How did they assess this number because there was no interaction on this issue between the rapporteur and us,” says Szentpaly-Kleis.

A parliamentary source familiar with the file said the number "was open to negotiation."

Germany only member state with data protection officers

Germany is the only member state that currently requires a DPO.

For almost 30 years, any company with at least five employees had to hire an outside consultant to review how personal data was handled. The employee threshold was raised to 10 in 2006 after a legislative reform on data protection.

Werner Hulsmann, a Bonn-based data protection officer who has been working as a freelance DPO since 2004, agrees there are some costs to small businesses but risk of a data breach or violation decreases.

The German experience is varied according to company type, size and whether or not it has locations in other countries.

A 2012 survey by the Bonn-based consultancy firm 2B Advice GmbH found that businesses with up to 50 employees spend just over €1,000 per year on a DPO. Cost increases to over €660,000 for companies with more than 50,000 employees.

The survey assessed 375 German companies, including 90 multinationals.

It noted that a large percentage of data violations come from simple negligence like leaving documents in a printer. Unsecured and unencrypted IT was another weakness. The unlawful processing of personal data was less frequently cited as a violation.

The survey also found that over 38 percent of all in-company data privacy officers do not feel sufficiently well informed well informed about data privacy violations within the company.

“It doesn’t matter how many people or employees work on personal data, they have to accept and follow the rules of data protection,” says Hulsmann.

Focus

The Acta debate - will innovation be stifled?

Opponents of Acta, the controversial anti-counterfeiting treaty up for vote in the European Parliament in July, say, among other things, that it would stifle innovation. Advocates say the exact opposite.

Exclusive

Brexit row delays financial products transparency review

A European financial regulatory body set up after the financial crisis is at loggerheads with the European Commission over whether to carry out a transparency review of certain financial products. The reason: Brexit.

Commission defends Mercosur trade deal

EU commissioners defended a far-reaching free trade agreement between the EU and four Latin American countries, against critics who fear it will damage European farmers' livelihoods and the global environment.

EU hesitates to back France over US tariff threat

France has passed a new tax on tech companies that will affect US global giants like Facebook. Donald Trump has threatened retaliatory tariffs over it. The EU commission says it will "coordinate closely with French" on the next steps.

EU banks more vulnerable to shocks than feared

Eurozone banks, such as Deutsche Bank, might be much more vulnerable to a repeat of the 2008 financial crisis than EU "stress-tests" have said, according to a new audit.

News in Brief

  1. Ocean Viking to disembark in Malta after ordeal
  2. Germany joins France in world outcry on Brazil fires
  3. British people lose faith in Brexit deal
  4. Brexit hardliners want further changes to EU deal
  5. German manufacturers confirm fear of recession
  6. Belgian socialists and liberals scrap over EU post
  7. Fall in EU migration leading to UK skills shortages
  8. Switzerland makes post-Brexit flight preparations

Opinion

Why von der Leyen must put rights at core of business

Ursula von der Leyen's in-tray must include those European executives on trial for systematic workplace harassment, the break-up of European slavery rings, and allegations of European companies' abuse in palm oil, including child labour, land grabs, and deforestation.

Stakeholders' Highlights

  1. UNESDAUNESDA reduces added sugars 11.9% between 2015-2017
  2. International Partnership for Human RightsEU-Uzbekistan Human Rights Dialogue: EU to raise key fundamental rights issues
  3. Nordic Council of MinistersNo evidence that social media are harmful to young people
  4. Nordic Council of MinistersCanada to host the joint Nordic cultural initiative 2021
  5. Vote for the EU Sutainable Energy AwardsCast your vote for your favourite EUSEW Award finalist. You choose the winner of 2019 Citizen’s Award.
  6. Nordic Council of MinistersEducation gets refugees into work
  7. Counter BalanceSign the petition to help reform the EU’s Bank
  8. UNICEFChild rights organisations encourage candidates for EU elections to become Child Rights Champions
  9. UNESDAUNESDA Outlines 2019-2024 Aspirations: Sustainability, Responsibility, Competitiveness
  10. Counter BalanceRecord citizens’ input to EU bank’s consultation calls on EIB to abandon fossil fuels
  11. International Partnership for Human RightsAnnual EU-Turkmenistan Human Rights Dialogue takes place in Ashgabat
  12. Nordic Council of MinistersNew campaign: spot, capture and share Traces of North

Latest News

  1. Spain heading for yet another general election
  2. EU to discuss Brazil beef ban over Amazon fires
  3. 'Our house is burning,' Macron says on Amazon fires
  4. What happens when trafficking survivors get home
  5. EU states and Russia clash on truth of WW2 pact
  6. EU considers new rules on facial recognition
  7. EU to pledge Africa security funds at G7 summit
  8. Letter from the EESC on per diem article

Stakeholders' Highlights

  1. Nordic Council of MinistersLeading Nordic candidates go head-to-head in EU election debate
  2. Nordic Council of MinistersNew Secretary General: Nordic co-operation must benefit everybody
  3. Platform for Peace and JusticeMEP Kati Piri: “Our red line on Turkey has been crossed”
  4. UNICEF2018 deadliest year yet for children in Syria as war enters 9th year
  5. Nordic Council of MinistersNordic commitment to driving global gender equality
  6. International Partnership for Human RightsMeet your defender: Rasul Jafarov leading human rights defender from Azerbaijan
  7. UNICEFUNICEF Hosts MEPs in Jordan Ahead of Brussels Conference on the Future of Syria
  8. Nordic Council of MinistersNordic talks on parental leave at the UN
  9. International Partnership for Human RightsTrial of Chechen prisoner of conscience and human rights activist Oyub Titiev continues.
  10. Nordic Council of MinistersNordic food policy inspires India to be a sustainable superpower
  11. Nordic Council of MinistersMilestone for Nordic-Baltic e-ID
  12. Counter BalanceEU bank urged to free itself from fossil fuels and take climate leadership

Join EUobserver

Support quality EU news

Join us